Richard de Vries – Page 4 – Tales from a Security Professional

Phishing emails – The one thing you don’t want to receive, but you can’t avoid it. So, now what?

A phishing email is a fraudulent attempt by scammers or cybercriminals to deceive recipients into revealing sensitive information, such as passwords, usernames, credit card details, or personal identification information. These emails are designed to appear as if they are sent by legitimate organizations, such as banks, social media platforms, or e-commerce websites, in order to trick individuals into providing their confidential data. And as phishing emails as a technique has proven to be effective, the adversaries will continue dispatching them. So, the question is what can you do to protect yourself? In this article, I give some tips on how to deal with phishing emails.

May 21, 2023

Management / Security Operation Center

Do you really need 24×7 eyes-on-screen in the Security Operation Center?

This is a challenging question that is not easy to answer because it depends on several things. There are good arguments for having 24×7 eyes-on-screen in a Security Operation Center. But there are also strong arguments for implementing a different model.

May 14, 2023

Management / Security Operation Center

Can you piece back the puzzle of the timeline?

Sooner or later, the environment you are responsible for will be hit by a security incident. Small or big. But no matter how significant the incident is, the high-level steps to remediate the incident are the same. Identification, containment, eradication, and post-mortem. And each of these steps has one thing in common. The timeline. In order to contain the incident, you need to find both Patient Zero and Moment Zero. Most people are familiar with the term Patient Zero. But what is Moment Zero?

April 22, 2023

Management / Security Operation Center

Judgment day: are you ready for it?

If you are a security professional, you know this day is coming. The day the security is breached. And you think you have all the relevant processes and procedures in place. Let’s zoom out a little bit. According to NIST, a security incident has five distinct phases: identification, containment, eradication,...

March 26, 2023

Security Operation Center / Threat Intelligence

Do you have an effective cyber hunting team?

In cybersecurity, everything is evolving rapidly. It is an ongoing battle between adversaries and defenders. And the terrible thing is, the defenders indeed drew the short end of the stick. They need to defend against any type of threat while the adversary has the time and can sharpen and perfect his threat. Therefore, the logical question is ‘How do you keep up with the developments of the adversaries?’

March 12, 2023

Management / Vulnerability Management

Are you really remediating all the discovered vulnerabilities?

According to an article published by PcMag, LastPass was breached in 2022 by a 3-year-old vulnerability! You would expect that a security vendor is remediating all discovered vulnerabilities swiftly. But that on its own raises a few questions. Questions like ‘Do you really scan all your assets?’ and ‘Do you really track remediation efforts?’. These are questions that every CISO/Security Manager should be asking its vulnerability scanning team. But is it that simple?

March 5, 2023